Low-Cost Ransomware as a Service

Friday, July 15, 2016 @ 09:07 AM gHale


There is a new type of ransomware called Stampado and it is going for a discount price.

While most ransomware families cost hundreds of dollars to rent each month, Stampado costs $39 for a lifetime license.

RELATED STORIES
New Ransomware Encrypts MBR
ICS Components Remain Connected to Internet
Ransomware Masked as Rockwell Update
Android Ransomware Attacks Quadruple

The low-cost ransomware said it has the same features also found in the still-undecrypted CryptoLocker ransomware, said researchers at Heimdal Security, the security vendor that found Stampado’s ad on the Dark Web.

Stampado is advertised as a Ransomware-as-a-Service (RaaS). This means a buyer would receive a builder or get access to a control panel where they could create their custom ransomware file and then embed it in other documents to distribute as spam, adware, or fake installers.

Stampado’s authors said they can provide ransomware payloads in formats such as EXE, BAT, DLL, SCR, and CMD.

Along with the Dark Web advertisement, the ransomware developers recorded a video to guide potential buyers through the infection process. This video provided some clues of how Stampado works.

The ransomware locks files with the “.locked” file extension, also used by other ransomware families, and comes with a very well worded ransom note that includes all the details to pay the ransom.

The ransom fee is probably customizable based on each buyer’s preference, along with a grace period, which in the video appears to be 96 hours.

After that, Stampado will delete a random file from the infected computer every six hours.